vpp: manual merge PRs from master to 202511#1786
Merged
vmittal-msft merged 7 commits intosonic-net:202511from Mar 9, 2026
Merged
vpp: manual merge PRs from master to 202511#1786vmittal-msft merged 7 commits intosonic-net:202511from
vmittal-msft merged 7 commits intosonic-net:202511from
Conversation
* Enabling sonic-mgmt ACL testing for Sonic-VPP * Use retval in debugs
Signed-off-by: Yue Gao <yuega2@cisco.com>
* Handle acl attachment through LAG update * Add default permit-all rules * Support ACL with UDP protocol * if protocol is not specified but port or port-range is create 2 rules with proto UDP and TCP. vpp requires proto to be set if port or port-range is used * realign ace stats index because each ace can map to multiple acl rules Signed-off-by: Yue Gao <yuega2@cisco.com>
why currently vpp doesn't support binding multiple ACL tables. Each table is appended with default permit-all rules. With multiple tables, this may cause acl matched by such rules and skip the actual rule to make in the tables after this one. what this PR does remove the default permit-all rules for each table If a table is empty, create a dummy rule that won't match any traffic because vpp doesn't allow empty table. The dummy rule matches dest-ip to 0.0.0.0/32 sort all the tables by priority in the table group. vpp doesn't support parallel matching added catch-all acl group to the end. vpp default behavior of no match is drop but sonic is accept. Fix sonic-vpp crashing due to race condition during stats pull. If the interface to get stats has been removed, stat_segment_ls_r returns null. Signed-off-by: Yue Gao <yuega2@cisco.com>
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Contributor
|
Hi @vmittal-msft - please help merge. These commits have merge conflicts to 202511 hence the manual PR. Thanks a lot! |
Contributor
Author
|
/azpw run |
Collaborator
|
/AzurePipelines run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
dypet
approved these changes
Mar 9, 2026
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
what I did
Cherry-pick:
why I did it
vpp in 202511 branch doesn't support ACL without above PRs